CVE-2014-4427
https://notcve.org/view.php?id=CVE-2014-4427
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. App Sandbox en Apple OS X anterior a 10.10 permite a atacantes evadir un mecanismo de protección de sandbox a través de la API de accesabilidad. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://www.securityfocus.com/bid/70635 http://www.securitytracker.com/id/1031063 https://exchange.xforce.ibmcloud.com/vulnerabilities/97642 https://support.apple.com/kb/HT6535 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-3196
https://notcve.org/view.php?id=CVE-2014-3196
base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 on Windows does not properly implement read-only restrictions on shared memory, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. base/memory/shared_memory_win.cc en Google Chrome anterior a 38.0.2125.101 en Windows no implementa debidamente las restricciones de sólo lectura en la memoria compartida, lo que permite a atacantes remotos evadir un mecanismo de protección sandbox a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://www.securityfocus.com/bid/70273 https://crbug.com/338538 https://src.chromium.org/viewvc/chrome?revision=285195&view=revision https://src.chromium.org/viewvc/chrome?revision=288152&view=revision • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-5493
https://notcve.org/view.php?id=CVE-2012-5493
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. gtbn.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos permisos evadir el sandbox de Python y ejecutar código Python arbitrario a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/09 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-5487
https://notcve.org/view.php?id=CVE-2012-5487
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. La función sandbox whitelisting (allowmodule.py) en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos privilegios evadir la restricción sandbox de Python y ejecutar código Python arbitrario a través de vectores relacionados con la importación. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/03 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-4423
https://notcve.org/view.php?id=CVE-2014-4423
The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. El subsistema cuentas en Apple iOS anteriores a 8 permite a atacantes eludir el mecanismo de protección de sandbox y obtener el Apple ID y los metadatos de una cuenta activa de iCloud a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://support.apple.com/kb/HT6441 http://www.securityfocus.com/bid/69882 http://www.securityfocus.com/bid/69917 http://www.securitytracker.com/id/1030866 https://exchange.xforce.ibmcloud.com/vulnerabilities/96099 • CWE-264: Permissions, Privileges, and Access Controls •